Author: cellobrew
Subject: Gpu based paravirtualization rootkit, all os vulne
Posted: 03 February 2013 at 8:39pm
I'm surprised you haven't gotten any replies yet.
All three laptops in my house are infected, according to your two tests. Here's info from just one of them.
Lenovo Y580, Windows Vista 64 Home
test 1
csrss.exe <non-existent process>(604)
wininit.exe <non-existent process>(604)
csrss.exe [second instance] <non-existent process>(928)
winlogon <non-existent process>(928)
explorer.exe <non-existent process>(2104)
test 2 - machine was turned off, power cord removed, and battery disconnected; Process Hacker was set to boot with Windows
A large number (about 30) of unknown processes show up on boot (I can post a dump if it will help you).
Also, an unknown process is accessing Firefox, Chrome, and Forte Agent (usenet reader) files after starting and exiting these programs.
I don't know the original vector, but I assume the infection was spread from the wireless DSL router in my house. I also have an Android smartphone, which I must assume is infected although there is no way presently to test and would probably require rooting the phone to run such a test.
If wireless routers can be infected, then there is probably no free wireless hotspot that is safe to use!
I can understand why you're getting stonewalled by the AV companies. This is huge. The financial impact alone of a significant percentage of the world's PCs being irreparably infected is staggering.
Are Macs affected?
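The "test 1" lines above are Process Hacker's rendering of a process whose parent PID is no longer running: it prints `<non-existent process>(ppid)` whenever the parent has exited. On Windows that is the normal state for several of the listed names, because smss.exe starts csrss.exe and wininit.exe/winlogon.exe from a per-session copy of itself that exits once they are running, and explorer.exe is launched by userinit.exe, which also exits. The script below is an added example, not code from the poster or from Process Hacker: it parses lines in the posted format, flags which orphaned parents are expected by design and which deserve a second look, and runs the same triage over a constructed process snapshot (the PIDs 604, 928 and 2104 are the poster's; every other PID and the process name `updsvc.exe` are constructed for the example).

```python
"""Parent-PID triage for Process Hacker style "<non-existent process>" output.

Added example. An exited parent is common and usually benign; the useful
question for a defender is which orphans Windows produces by design and
which ones it does not. Sample data below is constructed.
"""
import re
from dataclasses import dataclass

# Process Hacker prints an exited parent as "<non-existent process>(ppid)".
REPORT_RE = re.compile(
    r"^(?P<name>.+?) <non-existent process>\((?P<ppid>\d+)\)$", re.IGNORECASE
)

# Processes whose parent is expected to be gone on a healthy Windows box:
# csrss/wininit/winlogon are started by a per-session smss.exe copy that exits,
# and explorer.exe is started by userinit.exe, which exits after launching it.
EXPECTED_ORPHANS = {"csrss", "wininit", "winlogon", "explorer"}


def stem(name):
    """Normalise 'csrss.exe [second instance]' / 'winlogon' to 'csrss' / 'winlogon'."""
    name = re.sub(r"\s*\[[^\]]*\]$", "", name.strip()).lower()
    return name[:-4] if name.endswith(".exe") else name


def parse_report_line(line):
    """Return (process stem, missing parent pid) for a posted line, or None."""
    m = REPORT_RE.match(line.strip())
    if not m:
        return None
    return stem(m.group("name")), int(m.group("ppid"))


def triage_report(lines):
    """Classify each posted line as 'expected' (orphan by design) or 'review'."""
    result = []
    for line in lines:
        parsed = parse_report_line(line)
        if parsed:
            name, ppid = parsed
            verdict = "expected" if name in EXPECTED_ORPHANS else "review"
            result.append((name, ppid, verdict))
    return result


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    name: str


def find_orphans(snapshot):
    """Processes whose parent PID is not alive in the snapshot (PID 0 is 'no parent')."""
    live = {p.pid for p in snapshot}
    return [p for p in snapshot if p.ppid != 0 and p.ppid not in live]


def triage(snapshot):
    """Split orphans into (expected by Windows design, worth reviewing)."""
    expected, review = [], []
    for p in find_orphans(snapshot):
        (expected if stem(p.name) in EXPECTED_ORPHANS else review).append(p)
    return expected, review


# The five "test 1" lines exactly as posted.
POSTED_LINES = [
    "csrss.exe <non-existent process>(604)",
    "wininit.exe <non-existent process>(604)",
    "csrss.exe [second instance] <non-existent process>(928)",
    "winlogon <non-existent process>(928)",
    "explorer.exe <non-existent process>(2104)",
]

# Constructed snapshot: the poster's missing parent PIDs plus assumed live PIDs
# and one hypothetical unexpected orphan ("updsvc.exe" is a made-up name).
SNAPSHOT = [
    Proc(4, 0, "System"),
    Proc(372, 4, "smss.exe"),
    Proc(480, 604, "csrss.exe"),
    Proc(536, 604, "wininit.exe"),
    Proc(548, 928, "csrss.exe"),
    Proc(620, 928, "winlogon.exe"),
    Proc(640, 536, "services.exe"),
    Proc(1880, 2104, "explorer.exe"),
    Proc(3012, 2996, "updsvc.exe"),
]

if __name__ == "__main__":
    for name, ppid, verdict in triage_report(POSTED_LINES):
        print(f"{name:10} parent {ppid} gone -> {verdict}")
    expected, review = triage(SNAPSHOT)
    print(f"{len(expected)} expected orphans, {len(review)} to review:")
    for p in review:
        print(f"  pid {p.pid} {p.name} (parent {p.ppid} gone)")
```

Run against the posted lines, every entry comes back `expected`; in the constructed snapshot only the hypothetical `updsvc.exe` lands in the review list. A missing parent alone is not evidence of anything; what earns a second look is an orphan outside the set Windows creates by design, and for those the next step is checking the image path and signature rather than reading the PID.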